UK ISP TalkTalk Criticised for Questionable Router Security Advice

Wednesday, December 7th, 2016 (2:48 pm) - Score 1,294

Last week several broadband ISPs in the UK were attacked by a new Internet worm called Mirai (here), which hijacked their routers. TalkTalk’s older DSL-3780 was one of the devices to be hit and the ISP was quick to patch the problem, but oddly they have not advised customers to change WiFi passwords.

A number of reports, including ours, warned that the vulnerability exploited by Mirai could also be used to steal the WiFi password for infected networks. TalkTalk’s firmware fix also resets this password back to the default, although most people never change the default (note: the password tends to be different for every router that TalkTalk sends out).

Admittedly a hacker with knowledge of this password would still need to a) know where your network is in the real world (they could in theory get this by snooping on your Internet traffic) and b) be sitting within its coverage in order to access it (e.g. right outside your house). All of this does rather limit the risk, but nevertheless it would be good practice for the ISP to recommend that customers change the default WiFi password.

However, this isn’t what TalkTalk have been telling customers to do.

TalkTalk’s Security Update

As is widely known, the Mirai worm is an industry issue impacting many companies around the world, and a small number of you may have been affected.

We can reassure you that there’s no risk to your personal information as a result of this router issue, and there’s no need for you to reset your wifi password. However if you’ve any concerns you can follow these step by step instructions to change your wireless name and password.

Understandably anything that can hijack your router and snoop on your Internet traffic, as well as potentially steal your WiFi password, does in fact place a very obvious risk upon your personal information. Suffice to say that more than a few security experts have been surprised by TalkTalk’s “advice” and so are we.

Pen Test Partners Statement

Most routers are made in the Far East, and most of the affected routers have components in them made by a group of companies called Ralink / Econet / Mediatek. No-one is certain, but some think that the manufacturers of the routers had software written for them that didn’t secure the ‘TR-064’ protocol correctly.

The ISPs should have done a better job of checking their routers before sending them to customers. The manufacturers should have had the software written securely in the first place.

The TR-064 issue has been known about for a while, though until recently few realised just how serious it was. Until someone started building the bot-net and people’s routers stopped working, few were taking this seriously.

We run what’s called a ‘honeypot’ router – this is a piece of software that looks like one of these routers and helps us monitor odd activity on the internet. When we saw weird requests, we realised that people’s Wi-Fi keys and worse could be stolen. That’s when we realised just how serious this issue is.

Go and check your router now, update it and change your Wi-Fi keys urgently. Hopefully ISPs will realise the error of their ways and replace the routers too.

Whilst you’re at it, make sure you use a password manager and always use two-step verification when logging in to web sites and apps.

So far the only UK providers to have admitted being hit are TalkTalk, KCOM and the Post Office, although there may be others, and Mirai could conceivably be adapted to hit a wider range of devices in the future. As such we’ve been calling on all ISPs that supply their own routers to take a proactive approach towards ensuring that the same style of attack cannot hurt them in the future. Likewise customers with third-party routers would do well to check for a new firmware update, just in case.

Meanwhile the BBC claims that they’ve been contacted by someone who said he had access to a database of 57,000 router IDs (SSID / MACs) and passwords, which had been scraped before any fix had been rolled out. A sample of 100 were sent to the BBC and TalkTalk confirmed the details, but the ISP said that they haven’t “seen anything to suggest that there are 57,000 of them out there.”

Surely 100 is enough of a warning and just when we thought TalkTalk had turned a corner after last year’s cyber-attack. When it comes to security, a little paranoia is a good thing. Change the WiFi password.

By Mark Jackson
7 Responses
  1. FibreFred says:

    I would say “Unbelievable” but... it isn’t.

    Yet another TalkTalk security story…. lessons learnt? It seems not

  2. captain.cretin says:

    As I said in another thread, they aren’t bothered because all their (remaining) customers are used to having all their details stolen every 3-6 months.

  3. Evan Crissall says:

    Another non-story to smear TalkTalk plc. (shares up 1.97% at close Weds).

    1. AndyH says:

      Do you own shares in Talk Talk or something? Doesn’t look to be a great stock to own – now trading just off the 5 year lows.

    2. FibreFred says:

      Non story?

      Talktalk security blunders (again) sounds like a story

  4. Steve Jones says:

    The recent history surely suggests that relying on TalkTalk for advice on cybersecurity is like asking the big bad wolf about how to safeguard children.

  5. Mike C says:

    I don’t believe they will ever learn
